Jigasi outgoing calls won't work; however incoming calls OK

I’ve installed Jitsi and Jigasi on an Ubuntu 18.04 Server, with Jigasi using an Asterisk SIP extension. It’s just the standard procedure from docs. All seems to be working so far, except invite someone. When I try including another Asterisk extension from GUI, it complains “Failed to add participant”. This is what I have in logs:

2021-12-19 15:18:00.858 INFO: [200] org.jitsi.jigasi.xmpp.CallControl.handleDialIq().195 [ctx=16399450808541738517610] Got dial request fromnumber -> 258 room: siptest@conference.meet.mydomain.com
2021-12-19 15:18:00.859 INFO: [200] org.jitsi.jigasi.JvbConference.start().484 [ctx=16399450808541738517610] Starting JVB conference room: siptest@conference.meet.mydomain.com
2021-12-19 15:18:00.862 INFO: [200] org.jitsi.jigasi.JvbConference.setXmppProvider().620 [ctx=16399450808541738517610] Using ProtocolProviderServiceJabberImpl(Jabber:55c0840c@meet.mydomain.com/55c0840c)
2021-12-19 15:18:01.132 INFO: [203] org.igniterealtime.jbosh.BOSHClient.init() Starting with 1 request processors
2021-12-19 15:18:01.363 WARNING: [204] org.jivesoftware.smack.bosh.XMPPBOSHConnection.shutdown() shutdown
java.lang.NullPointerException
	at org.igniterealtime.jbosh.BOSHClient.send(BOSHClient.java:494)
	at org.igniterealtime.jbosh.BOSHClient.disconnect(BOSHClient.java:586)
	at org.igniterealtime.jbosh.BOSHClient.disconnect(BOSHClient.java:567)
	at org.jivesoftware.smack.bosh.XMPPBOSHConnection.shutdown(XMPPBOSHConnection.java:266)
	at org.jivesoftware.smack.bosh.XMPPBOSHConnection.notifyConnectionError(XMPPBOSHConnection.java:417)
	at org.jivesoftware.smack.bosh.XMPPBOSHConnection$BOSHConnectionListener.connectionEvent(XMPPBOSHConnection.java:464)
	at org.igniterealtime.jbosh.BOSHClient.fireConnectionClosedOnError(BOSHClient.java:1684)
	at org.igniterealtime.jbosh.BOSHClient.dispose(BOSHClient.java:713)
	at org.igniterealtime.jbosh.BOSHClient.processExchange(BOSHClient.java:1138)
	at org.igniterealtime.jbosh.BOSHClient.processMessages(BOSHClient.java:999)
	at org.igniterealtime.jbosh.BOSHClient.access$300(BOSHClient.java:100)
	at org.igniterealtime.jbosh.BOSHClient$RequestProcessor.run(BOSHClient.java:1728)
	at java.lang.Thread.run(Thread.java:748)
2021-12-19 15:18:01.364 WARNING: [204] org.jivesoftware.smack.AbstractXMPPConnection.callConnectionClosedOnErrorListener() Connection XMPPBOSHConnection[not-authenticated] (2) closed with error
org.igniterealtime.jbosh.BOSHException: Could not obtain response
	at org.igniterealtime.jbosh.ApacheHTTPResponse.awaitResponse(ApacheHTTPResponse.java:251)
	at org.igniterealtime.jbosh.ApacheHTTPResponse.getBody(ApacheHTTPResponse.java:192)
	at org.igniterealtime.jbosh.BOSHClient.processExchange(BOSHClient.java:1123)
	at org.igniterealtime.jbosh.BOSHClient.processMessages(BOSHClient.java:999)
	at org.igniterealtime.jbosh.BOSHClient.access$300(BOSHClient.java:100)
	at org.igniterealtime.jbosh.BOSHClient$RequestProcessor.run(BOSHClient.java:1728)
	at java.lang.Thread.run(Thread.java:748)
Caused by: javax.net.ssl.SSLHandshakeException: PKIX path building failed: sun.security.provider.certpath.SunCertPathBuilderException: unable to find valid certification path to requested target
	at sun.security.ssl.Alert.createSSLException(Alert.java:131)
	at sun.security.ssl.TransportContext.fatal(TransportContext.java:324)
	at sun.security.ssl.TransportContext.fatal(TransportContext.java:267)
	at sun.security.ssl.TransportContext.fatal(TransportContext.java:262)
	at sun.security.ssl.CertificateMessage$T12CertificateConsumer.checkServerCerts(CertificateMessage.java:654)
	at sun.security.ssl.CertificateMessage$T12CertificateConsumer.onCertificate(CertificateMessage.java:473)
	at sun.security.ssl.CertificateMessage$T12CertificateConsumer.consume(CertificateMessage.java:369)
	at sun.security.ssl.SSLHandshake.consume(SSLHandshake.java:377)
	at sun.security.ssl.HandshakeContext.dispatch(HandshakeContext.java:444)
	at sun.security.ssl.HandshakeContext.dispatch(HandshakeContext.java:422)
	at sun.security.ssl.TransportContext.dispatch(TransportContext.java:182)
	at sun.security.ssl.SSLTransport.decode(SSLTransport.java:152)
	at sun.security.ssl.SSLSocketImpl.decode(SSLSocketImpl.java:1392)
	at sun.security.ssl.SSLSocketImpl.readHandshakeRecord(SSLSocketImpl.java:1300)
	at sun.security.ssl.SSLSocketImpl.startHandshake(SSLSocketImpl.java:435)
	at org.apache.http.conn.ssl.SSLSocketFactory.connectSocket(SSLSocketFactory.java:533)
	at org.apache.http.conn.ssl.SSLSocketFactory.connectSocket(SSLSocketFactory.java:401)
	at org.apache.http.conn.ssl.SSLSocketFactory.connectSocket(SSLSocketFactory.java:470)
	at org.apache.http.conn.scheme.SchemeSocketFactoryAdaptor.connectSocket(SchemeSocketFactoryAdaptor.java:65)
	at org.apache.http.impl.conn.DefaultClientConnectionOperator.openConnection(DefaultClientConnectionOperator.java:177)
	at org.apache.http.impl.conn.AbstractPoolEntry.open(AbstractPoolEntry.java:144)
	at org.apache.http.impl.conn.AbstractPooledConnAdapter.open(AbstractPooledConnAdapter.java:131)
	at org.apache.http.impl.client.DefaultRequestDirector.tryConnect(DefaultRequestDirector.java:611)
	at org.apache.http.impl.client.DefaultRequestDirector.execute(DefaultRequestDirector.java:446)
	at org.apache.http.impl.client.AbstractHttpClient.doExecute(AbstractHttpClient.java:863)
	at org.apache.http.impl.client.CloseableHttpClient.execute(CloseableHttpClient.java:82)
	at org.apache.http.impl.client.CloseableHttpClient.execute(CloseableHttpClient.java:57)
	at org.igniterealtime.jbosh.ApacheHTTPResponse.awaitResponse(ApacheHTTPResponse.java:235)
	... 6 more
Caused by: sun.security.validator.ValidatorException: PKIX path building failed: sun.security.provider.certpath.SunCertPathBuilderException: unable to find valid certification path to requested target
	at sun.security.validator.PKIXValidator.doBuild(PKIXValidator.java:456)
	at sun.security.validator.PKIXValidator.engineValidate(PKIXValidator.java:323)
	at sun.security.validator.Validator.validate(Validator.java:271)
	at sun.security.ssl.X509TrustManagerImpl.validate(X509TrustManagerImpl.java:315)
	at sun.security.ssl.X509TrustManagerImpl.checkTrusted(X509TrustManagerImpl.java:223)
	at sun.security.ssl.X509TrustManagerImpl.checkServerTrusted(X509TrustManagerImpl.java:129)
	at sun.security.ssl.CertificateMessage$T12CertificateConsumer.checkServerCerts(CertificateMessage.java:638)
	... 29 more
Caused by: sun.security.provider.certpath.SunCertPathBuilderException: unable to find valid certification path to requested target
	at sun.security.provider.certpath.SunCertPathBuilder.build(SunCertPathBuilder.java:141)
	at sun.security.provider.certpath.SunCertPathBuilder.engineBuild(SunCertPathBuilder.java:126)
	at java.security.cert.CertPathBuilder.build(CertPathBuilder.java:280)
	at sun.security.validator.PKIXValidator.doBuild(PKIXValidator.java:451)
	... 35 more
2021-12-19 15:18:01.373 INFO: [203] impl.protocol.jabber.OperationSetBasicTelephonyJabberImpl.registrationStateChanged().127 Jingle : ON 
2021-12-19 15:18:01.374 INFO: [203] org.jitsi.jigasi.JvbConference.registrationStateChanged().679 [ctx=16399450808541738517610] Registering XMPP.
2021-12-19 15:18:01.374 WARNING: [203] org.jivesoftware.smack.SASLAuthentication.selectMechanism() Server did not report any SASL mechanisms
2021-12-19 15:18:01.375 SEVERE: [203] impl.protocol.jabber.ProtocolProviderServiceJabberImpl.connectAndLogin().1003 Failed to connect to XMPP service
org.jivesoftware.smack.SmackException: No supported and enabled SASL Mechanism provided by server. Server announced mechanisms: []. Registered SASL mechanisms with Smack: [SASL Mech: GSSAPI, Prio: 100, SASL Mech: SCRAM-SHA-1-PLUS, Prio: 100, SASL Mech: SCRAM-SHA-1, Prio: 110, SASL Mech: DIGEST-MD5, Prio: 200, SASL Mech: CRAM-MD5, Prio: 300, SASL Mech: PLAIN, Prio: 400, SASL Mech: X-OAUTH2, Prio: 410, SASL Mech: EXTERNAL, Prio: 500, SASL Mech: ANONYMOUS, Prio: 500]. Enabled SASL mechanisms for this connection: [ANONYMOUS]. Blacklisted SASL mechanisms: [SCRAM-SHA-1-PLUS].
	at org.jivesoftware.smack.SASLAuthentication.selectMechanism(SASLAuthentication.java:361)
	at org.jivesoftware.smack.SASLAuthentication.authenticate(SASLAuthentication.java:192)
	at org.jivesoftware.smack.bosh.XMPPBOSHConnection.loginInternal(XMPPBOSHConnection.java:222)
	at org.jivesoftware.smack.AbstractXMPPConnection.login(AbstractXMPPConnection.java:491)
	at org.jivesoftware.smack.AbstractXMPPConnection.login(AbstractXMPPConnection.java:448)
	at net.java.sip.communicator.impl.protocol.jabber.AnonymousLoginStrategy.login(AnonymousLoginStrategy.java:84)
	at net.java.sip.communicator.impl.protocol.jabber.ProtocolProviderServiceJabberImpl.connectAndLogin(ProtocolProviderServiceJabberImpl.java:1371)
	at net.java.sip.communicator.impl.protocol.jabber.ProtocolProviderServiceJabberImpl.connectAndLogin(ProtocolProviderServiceJabberImpl.java:970)
	at net.java.sip.communicator.impl.protocol.jabber.ProtocolProviderServiceJabberImpl.initializeConnectAndLogin(ProtocolProviderServiceJabberImpl.java:795)
	at net.java.sip.communicator.impl.protocol.jabber.ProtocolProviderServiceJabberImpl.register(ProtocolProviderServiceJabberImpl.java:500)
	at org.jitsi.jigasi.util.RegisterThread.run(RegisterThread.java:59)
2021-12-19 15:18:01.376 SEVERE: [203] org.jitsi.jigasi.JvbConference.registrationStateChanged().683 [ctx=16399450808541738517610] XMPP Connection failed.
2021-12-19 15:18:01.377 WARNING: [203] org.jitsi.jigasi.JvbConference.leaveConferenceRoom().1064 [ctx=16399450808541738517610] MUC room is null


2021-12-19 15:18:10.866 SEVERE: [200] org.jitsi.jigasi.xmpp.CallControlMucActivator.processIQInternal().626 [ctx=16399450808541738517610] Error processing RayoIq
java.lang.Exception: Fail to join muc!
	at org.jitsi.jigasi.xmpp.CallControlMucActivator$WaitToJoinRoom.waitToJoinRoom(CallControlMucActivator.java:725)
	at org.jitsi.jigasi.xmpp.CallControlMucActivator$DialIqHandler.setDialResponseAndRegisterHangUpHandler(CallControlMucActivator.java:658)
	at org.jitsi.jigasi.xmpp.CallControlMucActivator$DialIqHandler.processIQInternal(CallControlMucActivator.java:615)
	at org.jitsi.jigasi.xmpp.CallControlMucActivator$DialIqHandler.lambda$processIQ$0(CallControlMucActivator.java:576)
	at java.util.concurrent.Executors$RunnableAdapter.call(Executors.java:511)
	at java.util.concurrent.FutureTask.run(FutureTask.java:266)
	at java.util.concurrent.ThreadPoolExecutor.runWorker(ThreadPoolExecutor.java:1149)
	at java.util.concurrent.ThreadPoolExecutor$Worker.run(ThreadPoolExecutor.java:624)
	at java.lang.Thread.run(Thread.java:748)
2021-12-19 15:19:33.005 INFO: [200] org.jitsi.jigasi.xmpp.CallControl.handleDialIq().195 [ctx=1639945173004700338662] Got dial request fromnumber -> 258 room: siptest@conference.meet.mydomain.com
2021-12-19 15:19:33.006 INFO: [200] org.jitsi.jigasi.JvbConference.start().484 [ctx=1639945173004700338662] Starting JVB conference room: siptest@conference.meet.mydomain.com
2021-12-19 15:19:33.009 INFO: [200] org.jitsi.jigasi.JvbConference.setXmppProvider().620 [ctx=1639945173004700338662] Using ProtocolProviderServiceJabberImpl(Jabber:1e8d43a0@meet.mydomain.com/1e8d43a0)
2021-12-19 15:19:33.014 INFO: [216] org.igniterealtime.jbosh.BOSHClient.init() Starting with 1 request processors
2021-12-19 15:19:33.040 WARNING: [217] org.jivesoftware.smack.bosh.XMPPBOSHConnection.shutdown() shutdown
java.lang.NullPointerException
	at org.igniterealtime.jbosh.BOSHClient.send(BOSHClient.java:494)
	at org.igniterealtime.jbosh.BOSHClient.disconnect(BOSHClient.java:586)
	at org.igniterealtime.jbosh.BOSHClient.disconnect(BOSHClient.java:567)
	at org.jivesoftware.smack.bosh.XMPPBOSHConnection.shutdown(XMPPBOSHConnection.java:266)
	at org.jivesoftware.smack.bosh.XMPPBOSHConnection.notifyConnectionError(XMPPBOSHConnection.java:417)
	at org.jivesoftware.smack.bosh.XMPPBOSHConnection$BOSHConnectionListener.connectionEvent(XMPPBOSHConnection.java:464)
	at org.igniterealtime.jbosh.BOSHClient.fireConnectionClosedOnError(BOSHClient.java:1684)
	at org.igniterealtime.jbosh.BOSHClient.dispose(BOSHClient.java:713)
	at org.igniterealtime.jbosh.BOSHClient.processExchange(BOSHClient.java:1138)
	at org.igniterealtime.jbosh.BOSHClient.processMessages(BOSHClient.java:999)
	at org.igniterealtime.jbosh.BOSHClient.access$300(BOSHClient.java:100)
	at org.igniterealtime.jbosh.BOSHClient$RequestProcessor.run(BOSHClient.java:1728)
	at java.lang.Thread.run(Thread.java:748)
2021-12-19 15:19:33.041 WARNING: [217] org.jivesoftware.smack.AbstractXMPPConnection.callConnectionClosedOnErrorListener() Connection XMPPBOSHConnection[not-authenticated] (3) closed with error
org.igniterealtime.jbosh.BOSHException: Could not obtain response
	at org.igniterealtime.jbosh.ApacheHTTPResponse.awaitResponse(ApacheHTTPResponse.java:251)
	at org.igniterealtime.jbosh.ApacheHTTPResponse.getBody(ApacheHTTPResponse.java:192)
	at org.igniterealtime.jbosh.BOSHClient.processExchange(BOSHClient.java:1123)
	at org.igniterealtime.jbosh.BOSHClient.processMessages(BOSHClient.java:999)
	at org.igniterealtime.jbosh.BOSHClient.access$300(BOSHClient.java:100)
	at org.igniterealtime.jbosh.BOSHClient$RequestProcessor.run(BOSHClient.java:1728)
	at java.lang.Thread.run(Thread.java:748)
Caused by: javax.net.ssl.SSLHandshakeException: PKIX path building failed: sun.security.provider.certpath.SunCertPathBuilderException: unable to find valid certification path to requested target
	at sun.security.ssl.Alert.createSSLException(Alert.java:131)
	at sun.security.ssl.TransportContext.fatal(TransportContext.java:324)
	at sun.security.ssl.TransportContext.fatal(TransportContext.java:267)
	at sun.security.ssl.TransportContext.fatal(TransportContext.java:262)
	at sun.security.ssl.CertificateMessage$T12CertificateConsumer.checkServerCerts(CertificateMessage.java:654)
	at sun.security.ssl.CertificateMessage$T12CertificateConsumer.onCertificate(CertificateMessage.java:473)
	at sun.security.ssl.CertificateMessage$T12CertificateConsumer.consume(CertificateMessage.java:369)
	at sun.security.ssl.SSLHandshake.consume(SSLHandshake.java:377)
	at sun.security.ssl.HandshakeContext.dispatch(HandshakeContext.java:444)
	at sun.security.ssl.HandshakeContext.dispatch(HandshakeContext.java:422)
	at sun.security.ssl.TransportContext.dispatch(TransportContext.java:182)
	at sun.security.ssl.SSLTransport.decode(SSLTransport.java:152)
	at sun.security.ssl.SSLSocketImpl.decode(SSLSocketImpl.java:1392)
	at sun.security.ssl.SSLSocketImpl.readHandshakeRecord(SSLSocketImpl.java:1300)
	at sun.security.ssl.SSLSocketImpl.startHandshake(SSLSocketImpl.java:435)
	at org.apache.http.conn.ssl.SSLSocketFactory.connectSocket(SSLSocketFactory.java:533)
	at org.apache.http.conn.ssl.SSLSocketFactory.connectSocket(SSLSocketFactory.java:401)
	at org.apache.http.conn.ssl.SSLSocketFactory.connectSocket(SSLSocketFactory.java:470)
	at org.apache.http.conn.scheme.SchemeSocketFactoryAdaptor.connectSocket(SchemeSocketFactoryAdaptor.java:65)
	at org.apache.http.impl.conn.DefaultClientConnectionOperator.openConnection(DefaultClientConnectionOperator.java:177)
	at org.apache.http.impl.conn.AbstractPoolEntry.open(AbstractPoolEntry.java:144)
	at org.apache.http.impl.conn.AbstractPooledConnAdapter.open(AbstractPooledConnAdapter.java:131)
	at org.apache.http.impl.client.DefaultRequestDirector.tryConnect(DefaultRequestDirector.java:611)
	at org.apache.http.impl.client.DefaultRequestDirector.execute(DefaultRequestDirector.java:446)
	at org.apache.http.impl.client.AbstractHttpClient.doExecute(AbstractHttpClient.java:863)
	at org.apache.http.impl.client.CloseableHttpClient.execute(CloseableHttpClient.java:82)
	at org.apache.http.impl.client.CloseableHttpClient.execute(CloseableHttpClient.java:57)
	at org.igniterealtime.jbosh.ApacheHTTPResponse.awaitResponse(ApacheHTTPResponse.java:235)
	... 6 more
Caused by: sun.security.validator.ValidatorException: PKIX path building failed: sun.security.provider.certpath.SunCertPathBuilderException: unable to find valid certification path to requested target
	at sun.security.validator.PKIXValidator.doBuild(PKIXValidator.java:456)
	at sun.security.validator.PKIXValidator.engineValidate(PKIXValidator.java:323)
	at sun.security.validator.Validator.validate(Validator.java:271)
	at sun.security.ssl.X509TrustManagerImpl.validate(X509TrustManagerImpl.java:315)
	at sun.security.ssl.X509TrustManagerImpl.checkTrusted(X509TrustManagerImpl.java:223)
	at sun.security.ssl.X509TrustManagerImpl.checkServerTrusted(X509TrustManagerImpl.java:129)
	at sun.security.ssl.CertificateMessage$T12CertificateConsumer.checkServerCerts(CertificateMessage.java:638)
	... 29 more
Caused by: sun.security.provider.certpath.SunCertPathBuilderException: unable to find valid certification path to requested target
	at sun.security.provider.certpath.SunCertPathBuilder.build(SunCertPathBuilder.java:141)
	at sun.security.provider.certpath.SunCertPathBuilder.engineBuild(SunCertPathBuilder.java:126)
	at java.security.cert.CertPathBuilder.build(CertPathBuilder.java:280)
	at sun.security.validator.PKIXValidator.doBuild(PKIXValidator.java:451)
	... 35 more
2021-12-19 15:19:33.047 INFO: [216] impl.protocol.jabber.OperationSetBasicTelephonyJabberImpl.registrationStateChanged().127 Jingle : ON 
2021-12-19 15:19:33.048 INFO: [216] org.jitsi.jigasi.JvbConference.registrationStateChanged().679 [ctx=1639945173004700338662] Registering XMPP.
2021-12-19 15:19:33.048 WARNING: [216] org.jivesoftware.smack.SASLAuthentication.selectMechanism() Server did not report any SASL mechanisms
2021-12-19 15:19:33.049 SEVERE: [216] impl.protocol.jabber.ProtocolProviderServiceJabberImpl.connectAndLogin().1003 Failed to connect to XMPP service
org.jivesoftware.smack.SmackException: No supported and enabled SASL Mechanism provided by server. Server announced mechanisms: []. Registered SASL mechanisms with Smack: [SASL Mech: GSSAPI, Prio: 100, SASL Mech: SCRAM-SHA-1-PLUS, Prio: 100, SASL Mech: SCRAM-SHA-1, Prio: 110, SASL Mech: DIGEST-MD5, Prio: 200, SASL Mech: CRAM-MD5, Prio: 300, SASL Mech: PLAIN, Prio: 400, SASL Mech: X-OAUTH2, Prio: 410, SASL Mech: EXTERNAL, Prio: 500, SASL Mech: ANONYMOUS, Prio: 500]. Enabled SASL mechanisms for this connection: [ANONYMOUS]. Blacklisted SASL mechanisms: [SCRAM-SHA-1-PLUS].
	at org.jivesoftware.smack.SASLAuthentication.selectMechanism(SASLAuthentication.java:361)
	at org.jivesoftware.smack.SASLAuthentication.authenticate(SASLAuthentication.java:192)
	at org.jivesoftware.smack.bosh.XMPPBOSHConnection.loginInternal(XMPPBOSHConnection.java:222)
	at org.jivesoftware.smack.AbstractXMPPConnection.login(AbstractXMPPConnection.java:491)
	at org.jivesoftware.smack.AbstractXMPPConnection.login(AbstractXMPPConnection.java:448)
	at net.java.sip.communicator.impl.protocol.jabber.AnonymousLoginStrategy.login(AnonymousLoginStrategy.java:84)
	at net.java.sip.communicator.impl.protocol.jabber.ProtocolProviderServiceJabberImpl.connectAndLogin(ProtocolProviderServiceJabberImpl.java:1371)
	at net.java.sip.communicator.impl.protocol.jabber.ProtocolProviderServiceJabberImpl.connectAndLogin(ProtocolProviderServiceJabberImpl.java:970)
	at net.java.sip.communicator.impl.protocol.jabber.ProtocolProviderServiceJabberImpl.initializeConnectAndLogin(ProtocolProviderServiceJabberImpl.java:795)
	at net.java.sip.communicator.impl.protocol.jabber.ProtocolProviderServiceJabberImpl.register(ProtocolProviderServiceJabberImpl.java:500)
	at org.jitsi.jigasi.util.RegisterThread.run(RegisterThread.java:59)
2021-12-19 15:19:33.050 SEVERE: [216] org.jitsi.jigasi.JvbConference.registrationStateChanged().683 [ctx=1639945173004700338662] XMPP Connection failed.
2021-12-19 15:19:33.050 WARNING: [216] org.jitsi.jigasi.JvbConference.leaveConferenceRoom().1064 [ctx=1639945173004700338662] MUC room is null
2021-12-19 15:19:43.009 SEVERE: [200] org.jitsi.jigasi.xmpp.CallControlMucActivator.processIQInternal().626 [ctx=1639945173004700338662] Error processing RayoIq
java.lang.Exception: Fail to join muc!
	at org.jitsi.jigasi.xmpp.CallControlMucActivator$WaitToJoinRoom.waitToJoinRoom(CallControlMucActivator.java:725)
	at org.jitsi.jigasi.xmpp.CallControlMucActivator$DialIqHandler.setDialResponseAndRegisterHangUpHandler(CallControlMucActivator.java:658)
	at org.jitsi.jigasi.xmpp.CallControlMucActivator$DialIqHandler.processIQInternal(CallControlMucActivator.java:615)
	at org.jitsi.jigasi.xmpp.CallControlMucActivator$DialIqHandler.lambda$processIQ$0(CallControlMucActivator.java:576)
	at java.util.concurrent.Executors$RunnableAdapter.call(Executors.java:511)
	at java.util.concurrent.FutureTask.run(FutureTask.java:266)
	at java.util.concurrent.ThreadPoolExecutor.runWorker(ThreadPoolExecutor.java:1149)
	at java.util.concurrent.ThreadPoolExecutor$Worker.run(ThreadPoolExecutor.java:624)
	at java.lang.Thread.run(Thread.java:748)

I noticed that incoming calls works as expected: If I call from ext 258 to my room, I can get in and audio is OK both ways. I’m using openJDK 8, now, but I’ve tried with both openjdk-11-jre-headless and openjdk-8-jre-headless, both with similar results.

My install process was the standard, with wildcard certificates from my company. Jitsi server is on a public IP address, and Asterisk server is also on a public IP address. Jitsi domain is meet.mydomain.com, Asterisk domain is asterisk.mydomain.com, Jitsi extension is 667. At test time, no SIP INVITE packet comes from Jitsi server to Asterisk, confirmed with tcpdump.

My Jigasi config (sanitized):

org.jitsi.jigasi.DEFAULT_JVB_ROOM_NAME=siptest@conference.meet.mydomain.com
org.jitsi.jigasi.MUC_SERVICE_ADDRESS=conference.meet.mydomain.com
net.java.sip.communicator.impl.protocol.SingleCallInProgressPolicy.enabled=false
net.java.sip.communicator.impl.neomedia.codec.audio.opus.encoder.COMPLEXITY=10
net.java.sip.communicator.packetlogging.PACKET_LOGGING_ENABLED=false
net.java.sip.communicator.impl.protocol.sip.acc1403273890647=acc1403273890647
net.java.sip.communicator.impl.protocol.sip.acc1403273890647.ACCOUNT_UID=SIP\:667@asterisk.mydomain.com
net.java.sip.communicator.impl.protocol.sip.acc1403273890647.PASSWORD=MySuperSecretPassword
net.java.sip.communicator.impl.protocol.sip.acc1403273890647.PROTOCOL_NAME=SIP
net.java.sip.communicator.impl.protocol.sip.acc1403273890647.SERVER_ADDRESS=asterisk.mydomain.com
net.java.sip.communicator.impl.protocol.sip.acc1403273890647.USER_ID=667@asterisk.mydomain.com
net.java.sip.communicator.impl.protocol.sip.acc1403273890647.KEEP_ALIVE_INTERVAL=25
net.java.sip.communicator.impl.protocol.sip.acc1403273890647.KEEP_ALIVE_METHOD=OPTIONS
net.java.sip.communicator.impl.protocol.sip.acc1403273890647.VOICEMAIL_ENABLED=false
net.java.sip.communicator.impl.protocol.sip.acc1403273890647.Encodings.AMR-WB/16000=750
net.java.sip.communicator.impl.protocol.sip.acc1403273890647.Encodings.G722/8000=700
net.java.sip.communicator.impl.protocol.sip.acc1403273890647.Encodings.GSM/8000=0
net.java.sip.communicator.impl.protocol.sip.acc1403273890647.Encodings.H263-1998/90000=0
net.java.sip.communicator.impl.protocol.sip.acc1403273890647.Encodings.H264/90000=0
net.java.sip.communicator.impl.protocol.sip.acc1403273890647.Encodings.PCMA/8000=600
net.java.sip.communicator.impl.protocol.sip.acc1403273890647.Encodings.PCMU/8000=650
net.java.sip.communicator.impl.protocol.sip.acc1403273890647.Encodings.SILK/12000=0
net.java.sip.communicator.impl.protocol.sip.acc1403273890647.Encodings.SILK/16000=0
net.java.sip.communicator.impl.protocol.sip.acc1403273890647.Encodings.SILK/24000=0
net.java.sip.communicator.impl.protocol.sip.acc1403273890647.Encodings.SILK/8000=0
net.java.sip.communicator.impl.protocol.sip.acc1403273890647.Encodings.VP8/90000=0
net.java.sip.communicator.impl.protocol.sip.acc1403273890647.Encodings.iLBC/8000=10
net.java.sip.communicator.impl.protocol.sip.acc1403273890647.Encodings.opus/48000=1000
net.java.sip.communicator.impl.protocol.sip.acc1403273890647.Encodings.red/90000=0
net.java.sip.communicator.impl.protocol.sip.acc1403273890647.Encodings.speex/16000=0
net.java.sip.communicator.impl.protocol.sip.acc1403273890647.Encodings.speex/32000=0
net.java.sip.communicator.impl.protocol.sip.acc1403273890647.Encodings.speex/8000=0
net.java.sip.communicator.impl.protocol.sip.acc1403273890647.Encodings.telephone-event/8000=1
net.java.sip.communicator.impl.protocol.sip.acc1403273890647.Encodings.ulpfec/90000=0
net.java.sip.communicator.impl.protocol.sip.acc1403273890647.OVERRIDE_ENCODINGS=true
net.java.sip.communicator.impl.protocol.sip.acc1403273890647.DEFAULT_ENCRYPTION=false
net.java.sip.communicator.impl.protocol.sip.acc1403273890647.DOMAIN_BASE=meet.mydomain.com
net.java.sip.communicator.impl.protocol.jabber.acc-xmpp-1=acc-xmpp-1
net.java.sip.communicator.impl.protocol.jabber.acc-xmpp-1.ACCOUNT_UID=Jabber:jigasi@auth.meet.mydomain.com
net.java.sip.communicator.impl.protocol.jabber.acc-xmpp-1.USER_ID=jigasi@auth.meet.mydomain.com
net.java.sip.communicator.impl.protocol.jabber.acc-xmpp-1.IS_SERVER_OVERRIDDEN=true
net.java.sip.communicator.impl.protocol.jabber.acc-xmpp-1.SERVER_ADDRESS=127.0.0.1
net.java.sip.communicator.impl.protocol.jabber.acc-xmpp-1.SERVER_PORT=5222
net.java.sip.communicator.impl.protocol.jabber.acc-xmpp-1.ALLOW_NON_SECURE=true
net.java.sip.communicator.impl.protocol.jabber.acc-xmpp-1.PASSWORD=MzM2T3pGYjREWmlsOXdVbw==
net.java.sip.communicator.impl.protocol.jabber.acc-xmpp-1.AUTO_GENERATE_RESOURCE=true
net.java.sip.communicator.impl.protocol.jabber.acc-xmpp-1.RESOURCE_PRIORITY=30
net.java.sip.communicator.impl.protocol.jabber.acc-xmpp-1.KEEP_ALIVE_METHOD=XEP-0199
net.java.sip.communicator.impl.protocol.jabber.acc-xmpp-1.KEEP_ALIVE_INTERVAL=30
net.java.sip.communicator.impl.protocol.jabber.acc-xmpp-1.CALLING_DISABLED=true
net.java.sip.communicator.impl.protocol.jabber.acc-xmpp-1.JINGLE_NODES_ENABLED=false
net.java.sip.communicator.impl.protocol.jabber.acc-xmpp-1.IS_CARBON_DISABLED=true
net.java.sip.communicator.impl.protocol.jabber.acc-xmpp-1.DEFAULT_ENCRYPTION=true
net.java.sip.communicator.impl.protocol.jabber.acc-xmpp-1.IS_USE_ICE=true
net.java.sip.communicator.impl.protocol.jabber.acc-xmpp-1.IS_ACCOUNT_DISABLED=false
net.java.sip.communicator.impl.protocol.jabber.acc-xmpp-1.IS_PREFERRED_PROTOCOL=false
net.java.sip.communicator.impl.protocol.jabber.acc-xmpp-1.AUTO_DISCOVER_JINGLE_NODES=false
net.java.sip.communicator.impl.protocol.jabber.acc-xmpp-1.PROTOCOL=Jabber
net.java.sip.communicator.impl.protocol.jabber.acc-xmpp-1.IS_USE_UPNP=false
net.java.sip.communicator.impl.protocol.jabber.acc-xmpp-1.IM_DISABLED=true
net.java.sip.communicator.impl.protocol.jabber.acc-xmpp-1.SERVER_STORED_INFO_DISABLED=true
net.java.sip.communicator.impl.protocol.jabber.acc-xmpp-1.IS_FILE_TRANSFER_DISABLED=true
net.java.sip.communicator.impl.protocol.jabber.acc-xmpp-1.USE_DEFAULT_STUN_SERVER=false
net.java.sip.communicator.impl.protocol.jabber.acc-xmpp-1.ENCRYPTION_PROTOCOL.DTLS-SRTP=0
net.java.sip.communicator.impl.protocol.jabber.acc-xmpp-1.ENCRYPTION_PROTOCOL_STATUS.DTLS-SRTP=true
net.java.sip.communicator.impl.protocol.jabber.acc-xmpp-1.OVERRIDE_ENCODINGS=true
net.java.sip.communicator.impl.protocol.jabber.acc-xmpp-1.Encodings.G722/8000=0
net.java.sip.communicator.impl.protocol.jabber.acc-xmpp-1.Encodings.GSM/8000=0
net.java.sip.communicator.impl.protocol.jabber.acc-xmpp-1.Encodings.H263-1998/90000=0
net.java.sip.communicator.impl.protocol.jabber.acc-xmpp-1.Encodings.H264/90000=0
net.java.sip.communicator.impl.protocol.jabber.acc-xmpp-1.Encodings.PCMA/8000=0
net.java.sip.communicator.impl.protocol.jabber.acc-xmpp-1.Encodings.PCMU/8000=0
net.java.sip.communicator.impl.protocol.jabber.acc-xmpp-1.Encodings.SILK/12000=0
net.java.sip.communicator.impl.protocol.jabber.acc-xmpp-1.Encodings.SILK/16000=0
net.java.sip.communicator.impl.protocol.jabber.acc-xmpp-1.Encodings.SILK/24000=0
net.java.sip.communicator.impl.protocol.jabber.acc-xmpp-1.Encodings.SILK/8000=0
net.java.sip.communicator.impl.protocol.jabber.acc-xmpp-1.Encodings.VP8/90000=0
net.java.sip.communicator.impl.protocol.jabber.acc-xmpp-1.Encodings.iLBC/8000=0
net.java.sip.communicator.impl.protocol.jabber.acc-xmpp-1.Encodings.opus/48000=0
net.java.sip.communicator.impl.protocol.jabber.acc-xmpp-1.Encodings.speex/16000=0
net.java.sip.communicator.impl.protocol.jabber.acc-xmpp-1.Encodings.speex/32000=0
net.java.sip.communicator.impl.protocol.jabber.acc-xmpp-1.Encodings.speex/8000=0
net.java.sip.communicator.impl.protocol.jabber.acc-xmpp-1.BREWERY=JigasiBrewery@internal.auth.meet.mydomain.com
net.java.sip.communicator.impl.protocol.jabber.acc-xmpp-1.BOSH_URL_PATTERN=https://{host}{subdomain}/http-bind?room={roomName}
net.java.sip.communicator.impl.protocol.jabber.acc-xmpp-1.DOMAIN_BASE=meet.mydomain.com
org.jitsi.jigasi.ALLOWED_JID=JigasiBrewery@internal.auth.meet.mydomain.com
org.jitsi.jigasi.BREWERY_ENABLED=true
org.jitsi.jigasi.xmpp.acc.IS_SERVER_OVERRIDDEN=true
org.jitsi.jigasi.xmpp.acc.SERVER_ADDRESS=127.0.0.1
org.jitsi.jigasi.xmpp.acc.VIDEO_CALLING_DISABLED=true
org.jitsi.jigasi.xmpp.acc.JINGLE_NODES_ENABLED=false
org.jitsi.jigasi.xmpp.acc.AUTO_DISCOVER_STUN=false
org.jitsi.jigasi.xmpp.acc.IM_DISABLED=true
org.jitsi.jigasi.xmpp.acc.SERVER_STORED_INFO_DISABLED=true
org.jitsi.jigasi.xmpp.acc.IS_FILE_TRANSFER_DISABLED=true
org.jitsi.jigasi.xmpp.acc.KEEP_ALIVE_METHOD=XEP-0199
org.jitsi.jigasi.xmpp.acc.KEEP_ALIVE_INTERVAL=30
org.jitsi.jigasi.xmpp.acc.USE_DEFAULT_STUN_SERVER=false
org.jitsi.jigasi.xmpp.acc.ALLOW_NON_SECURE=true
net.java.sip.communicator.service.gui.ALWAYS_TRUST_MODE_ENABLED=true

What could be going wrong here? Suspect something related to certificates, but I’ve already enabled ALLOW_NON_SECURE and ALWAYS_TRUST_MODE_ENABLED as suggested in docs. From other logs nothing seems wrong, and all remaining functions seems to work OK.

Are you using self-signed certificate on the server?

Thanks for the reply. No, my certificates are wildcard certificates issued by Sectigo, and works just fine on any browser tested.

The logs show you had configured jigasi to connect using bosh to prosody for the account that will join the brewery room and the bosh fails to validate the certificate, currently ALWAYS_TRUST_MODE_ENABLED does not work for bosh.

What is your config there?

TBH, I didn’t fully understand the question. However, here is my prosody config. Note I didn’t change anything from the standard config done by apt install command:

plugin_paths = { "/usr/share/jitsi-meet/prosody-plugins/" }

-- domain mapper options, must at least have domain base set to use the mapper
muc_mapper_domain_base = "meet.mydomain.com";

external_service_secret = "NejNhUvbqxfF9wfY";
external_services = {
     { type = "stun", host = "meet.mydomain.com", port = 3478 },
     { type = "turn", host = "meet.mydomain.com", port = 3478, transport = "udp", secret = true, ttl = 86400, algorithm = "turn" },
     { type = "turns", host = "meet.mydomain.com", port = 5349, transport = "tcp", secret = true, ttl = 86400, algorithm = "turn" }
};

cross_domain_bosh = false;
consider_bosh_secure = true;
-- https_ports = { }; -- Remove this line to prevent listening on port 5284

-- https://ssl-config.mozilla.org/#server=haproxy&version=2.1&config=intermediate&openssl=1.1.0g&guideline=5.4
ssl = {
    protocol = "tlsv1_2+";
    ciphers = "ECDHE-ECDSA-AES128-GCM-SHA256:ECDHE-RSA-AES128-GCM-SHA256:ECDHE-ECDSA-AES256-GCM-SHA384:ECDHE-RSA-AES256-GCM-SHA384:ECDHE-ECDSA-CHACHA20-POLY1305:ECDHE-RSA-CHACHA20-POLY1305:DHE-RSA-AES128-GCM-SHA256:DHE-RSA-AES256-GCM-SHA384"
}

unlimited_jids = {
    "focus@auth.meet.mydomain.com",
    "jvb@auth.meet.mydomain.com"
}

VirtualHost "meet.mydomain.com"
    -- enabled = false -- Remove this line to enable this host
    authentication = "anonymous"
    -- Properties below are modified by jitsi-meet-tokens package config
    -- and authentication above is switched to "token"
    --app_id="example_app_id"
    --app_secret="example_app_secret"
    -- Assign this host a certificate for TLS, otherwise it would use the one
    -- set in the global section (if any).
    -- Note that old-style SSL on port 5223 only supports one certificate, and will always
    -- use the global one.
    ssl = {
        key = "/etc/prosody/certs/meet.mydomain.com.key";
        certificate = "/etc/prosody/certs/meet.mydomain.com.crt";
    }
    av_moderation_component = "avmoderation.meet.mydomain.com"
    speakerstats_component = "speakerstats.meet.mydomain.com"
    conference_duration_component = "conferenceduration.meet.mydomain.com"
    -- we need bosh
    modules_enabled = {
        "bosh";
        "pubsub";
        "ping"; -- Enable mod_ping
        "speakerstats";
        "external_services";
        "conference_duration";
        "muc_lobby_rooms";
        "muc_breakout_rooms";
        "av_moderation";
    }
    c2s_require_encryption = false
    lobby_muc = "lobby.meet.mydomain.com"
    breakout_rooms_muc = "breakout.meet.mydomain.com"
    main_muc = "conference.meet.mydomain.com"
    -- muc_lobby_whitelist = { "recorder.meet.mydomain.com" } -- Here we can whitelist jibri to enter lobby enabled rooms

Component "conference.meet.mydomain.com" "muc"
    restrict_room_creation = true
    storage = "memory"
    modules_enabled = {
        "muc_meeting_id";
        "muc_domain_mapper";
        "polls";
        --"token_verification";
        "muc_rate_limit";
    }
    admins = { "focus@auth.meet.mydomain.com" }
    muc_room_locking = false
    muc_room_default_public_jids = true

Component "breakout.meet.mydomain.com" "muc"
    restrict_room_creation = true
    storage = "memory"
    modules_enabled = {
        "muc_meeting_id";
        "muc_domain_mapper";
        --"token_verification";
        "muc_rate_limit";
    }
    admins = { "focus@auth.meet.mydomain.com" }
    muc_room_locking = false
    muc_room_default_public_jids = true

-- internal muc component
Component "internal.auth.meet.mydomain.com" "muc"
    storage = "memory"
    modules_enabled = {
        "ping";
    }
    admins = { "focus@auth.meet.mydomain.com", "jvb@auth.meet.mydomain.com" }
    muc_room_locking = false
    muc_room_default_public_jids = true

VirtualHost "auth.meet.mydomain.com"
    ssl = {
        key = "/etc/prosody/certs/auth.meet.mydomain.com.key";
        certificate = "/etc/prosody/certs/auth.meet.mydomain.com.crt";
    }
    modules_enabled = {
        "limits_exception";
    }
    authentication = "internal_hashed"

-- Proxy to jicofo's user JID, so that it doesn't have to register as a component.
Component "focus.meet.mydomain.com" "client_proxy"
    target_address = "focus@auth.meet.mydomain.com"

Component "speakerstats.meet.mydomain.com" "speakerstats_component"
    muc_component = "conference.meet.mydomain.com"

Component "conferenceduration.meet.mydomain.com" "conference_duration_component"
    muc_component = "conference.meet.mydomain.com"

Component "avmoderation.meet.mydomain.com" "av_moderation_component"
    muc_component = "conference.meet.mydomain.com"

Component "lobby.meet.mydomain.com" "muc"
    storage = "memory"
    restrict_room_creation = true
    muc_room_locking = false
    muc_room_default_public_jids = true
    modules_enabled = {
        "muc_rate_limit";
    }

Also, my certificates are on /etc/ssl/meet.mydomain.com.crt and /etc/ssl/meet.mydomain.com.key, and I entered these paths in the wizard at install time.

Jigasi config, I mean.

The sip-communications.properties is the one posted in the first message. There, the only thing that seems related to BOSH is:

net.java.sip.communicator.impl.protocol.jabber.acc-xmpp-1.BOSH_URL_PATTERN=https://{host}{subdomain}/http-bind?room={roomName}

The other jigasi config file is config:

# Jigasi settings
JIGASI_SIPUSER=667@asterisk.mydomain.com
JIGASI_SIPPWD=MySuperSecretPassword
JIGASI_OPTS=""
JIGASI_HOSTNAME=meet.mydomain.com
JIGASI_HOST=localhost

# adds java system props that are passed to jigasi (default are for logging config file)
JAVA_SYS_PROPS="-Djava.util.logging.config.file=/etc/jitsi/jigasi/logging.properties"

And if you open meet.mydomain.com in the browser there is no error about the certs? And what about if you check the cert chain https://whatsmychaincert.com/?

1 Like

Here was the problem! Seems my chain certificate was incomplete. I’ve put the full chain, and now both incoming and outgoing calls works! Thanks!!! :v:

1 Like

I’m noting this exact problem (identical error log as the OP) - yet I’m using self signed certs. It’s an upgraded install from a pre-“brewery” version of the stack, so I guess I’m missing something someplace. Will post if I find it it case it is helpful, Also appreciate tips.